Cyber scams conning 8,000 people a month

Phishing - a cyberfraud technique which gains sensitive information by masquerading as a trustworthy communication - is ensnaring an average of 8,000 reported victims per month.

The data from Action Fraud and the National Fraud Intelligence Bureau shows that nearly 100,000 people reported phishing scams last year.

Phishing involves the attempt to acquire sensitive information - for example usernames, passwords and credit card details - or steal money, by masquerading as a trusted source in an official-seeming electronic communication such as email, pop-up message, phone call or text message.

More than 68 per cent of people who reported a phishing scam said that they received it in the form of an email, while 12.5 per cent said they were contacted by phone and 8.9 per cent of people received a text message.

Hooking victims in

According to a recent report, it takes cyber criminals an average of just 82 seconds to ensnare a victim, with 23 per cent of people likely to open a phishing email.

In December, the most common phishing scam purported to be either from a bank or from HMRC, followed by online payment merchants and utility companies.

In one month, 31 per cent of all phishing scams reported to Action Fraud contained a potentially malicious hyperlink which, when clicked, could install malware onto the victim’s computer or phone or trick them into providing sensitive information.

Top email addresses reported

Phishing emails use specific subject headings to encourage readers to open them. The most common message title for phishing emails is ‘Attention’ followed by ‘Your account has been revoked’, ‘Hello’ and ‘Important Notification’.

The top email addresses that people reported receiving emails from were: Do-Not-reply@amazon.co.uk, bt.athome@ecomm.bt.com and PQ8MPY@m.apple.com.

Behaviours that put you at risk:

Opening attachments, or clicking on links within unsolicited or unexpected emails

Responding to emails that ask for your personal or financial details

Accessing a webpage that you have arrived at via a link in an email

How to protect yourself:

Don’t open attachments or click on the links within any unsolicited emails you receive, and never respond to emails that ask for your personal or financial details. Remember, you should be able to hover over a link to see where it will really take you.

An email address can be ‘spoofed’ - so if an email appears to be from a person or a company you know of, but the message is unexpected or unusual, then contact the sender directly via another method to confirm they sent you the email.

If you receive an email which asks you to log in to an online account, for example due to suspicious activity on your account, go directly to the website yourself instead of clicking on the link provided in the email.

Deputy Head of Action Fraud, Steve Proffitt said: “The new figures show that phishing is a problem which is not going away; it is a means for fraudsters to test the water with potential victims and see how many people they can hook into a scam. For the fraudsters, it is a low risk way of casting out their net and seeing what they can catch. If their emails are convincing enough they can yield high returns and people can easily be persuaded into parting with money or to click on links which then infect their computer with malicious software.

“In order to avoid becoming a victim we urge people to be cautious when opening emails and ask them to follow our protection advice in order to make it as difficult as possible for fraudsters who are simply casting around for their next victim”.